refactoring

0021c392 · benjamin.ertl · 7d47a054 · 0021c392 · 0021c392 · 0021c392
Commit 0021c392 authored Jan 05, 2016 by benjamin.ertl
--- a/pom.xml
+++ b/pom.xml
@@ -16,6 +16,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
+				<version>3.2</version>
 				<configuration>
 					<source>${java.version}</source>
 					<target>${java.version}</target>

--- a/src/main/java/edu/kit/scc/dei/adsecp/EcpAuthenticator.java
+++ b/src/main/java/edu/kit/scc/dei/adsecp/EcpAuthenticator.java
@@ -20,7 +20,6 @@ import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
 import org.apache.directory.api.ldap.model.constants.SchemaConstants;
 import org.apache.directory.api.ldap.model.entry.Attribute;
 import org.apache.directory.api.ldap.model.entry.Entry;
-import org.apache.directory.api.ldap.model.entry.StringValue;
 import org.apache.directory.api.ldap.model.entry.Value;
 import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
 import org.apache.directory.api.ldap.model.exception.LdapException;
@@ -58,6 +57,22 @@ public class EcpAuthenticator extends SimpleAuthenticator {

 	private static final Logger logger = LoggerFactory.getLogger(EcpAuthenticator.class);

+	// Reg-App connection properties, overwritten by system properties
+	// registerApp.serviceUrl
+	private static String serviceUrl = "https://localhost/rest/ecp/regid/";
+	// registerApp.serviceUsername
+	private static String serviceUsername = "ldaprest";
+	// registerApp.servicePassword
+	private static String servicePassword = "qwertz";
+	// from registerApp.serviceUrl
+	private static String serviceHost = "localhost";
+	// from registerApp.serviceUrl
+	private static int servicePort = 443;
+	// from registerApp.serviceUrl
+	private static String serviceProtocol = "http";
+	// registerApp.checkCert
+	private static Boolean checkCert = Boolean.TRUE;
+
 	public EcpAuthenticator() {
 		super();

@@ -74,103 +89,117 @@ public class EcpAuthenticator extends SimpleAuthenticator {
 			logger.debug("SimpleAuthentication succeded, no ECP auth");
 			return principal;
 		} catch (LdapException e) {
-			logger.debug("ECP Authenticate called");
+			logger.warn("LdapException", e);
+		}

-			if (bindContext.getEntry() == null || bindContext.getEntry().get("description") == null)
-				lookupUserPassword(bindContext);
+		logger.debug("ECP Authenticate called");

-			Object o = bindContext.getEntry().get("description").get();
-			String regId;
-			if (o instanceof StringValue)
-				regId = ((StringValue) o).getValue();
-			else
-				throw new IllegalStateException("description not of type String");
+		// TODO - needs to be reconsidered
+		//
+		// bindContext.getEntry() == null -> no ldap entry for dn
+		// bindContext.getEntry().get("description") == null -> no description
+		// attribute for ldap dn entry, associated with the user's Reg-App Id
+		//
+		// if (bindContext.getEntry() == null ||
+		// bindContext.getEntry().get("description") == null)
+		// lookupUserPassword(bindContext);

-			byte[] credentials = bindContext.getCredentials();
-			String password;
-			try {
-				password = new String(credentials, "UTF-8");
-			} catch (UnsupportedEncodingException e1) {
-				logger.error("Unsupported encoding: UTF-8");
-				throw new LdapAuthenticationException("Internal server error");
-			}
+		String regId = "";

-			logger.debug("trying login for regId {}", regId);
+		try {
+			regId = (String) bindContext.getEntry().get("description").get().getValue();
+		} catch (NullPointerException e) {
+			logger.error("Entry has no description", e);
+			// throw new IllegalStateException("entry has no description");
+		} catch (ClassCastException e) {
+			logger.error("Description not of type String", e);
+			throw new IllegalStateException("description not of type String");
+		}

-			String serviceUrl = "https://localhost/rest/ecp/regid/";
-			String serviceUsername = "ldaprest";
-			String servicePassword = "qwertz";
-			String serviceHost;
-			Boolean checkCert = Boolean.TRUE;
+		byte[] credentials = bindContext.getCredentials();
+		String password;
+		try {
+			password = new String(credentials, "UTF-8");
+		} catch (UnsupportedEncodingException e) {
+			logger.error("Unsupported encoding: UTF-8");
+			throw new LdapAuthenticationException("Internal server error");
+		}

-			if (System.getProperty("registerApp.serviceUrl") != null)
-				serviceUrl = System.getProperty("registerApp.serviceUrl");
-			if (System.getProperty("registerApp.serviceUsername") != null)
-				serviceUsername = System.getProperty("registerApp.serviceUsername");
-			if (System.getProperty("registerApp.servicePassword") != null)
-				servicePassword = System.getProperty("registerApp.servicePassword");
-			if (System.getProperty("registerApp.checkCert") != null)
-				checkCert = Boolean.parseBoolean(System.getProperty("registerApp.checkCert"));
+		logger.debug("trying login for regId {}", regId);

-			try {
-				serviceHost = new URI(serviceUrl).getHost();
-			} catch (URISyntaxException e2) {
-				logger.warn("Service URL is misconfigured", e2);
-				throw new LdapException(e2);
-			}
+		if (System.getProperty("registerApp.serviceUrl") != null)
+			serviceUrl = System.getProperty("registerApp.serviceUrl");
+		if (System.getProperty("registerApp.serviceUsername") != null)
+			serviceUsername = System.getProperty("registerApp.serviceUsername");
+		if (System.getProperty("registerApp.servicePassword") != null)
+			servicePassword = System.getProperty("registerApp.servicePassword");
+		if (System.getProperty("registerApp.checkCert") != null)
+			checkCert = Boolean.parseBoolean(System.getProperty("registerApp.checkCert"));

-			logger.debug("ECPAuth Config: url {}, user {}, pass {}, host {}, cert {}",
-					new Object[] { serviceUrl, serviceUsername, servicePassword, serviceHost, checkCert });
+		try {
+			serviceHost = new URI(serviceUrl).getHost();
+			servicePort = new URI(serviceUrl).getPort();
+			serviceProtocol = new URI(serviceUrl).getScheme();
+		} catch (URISyntaxException e) {
+			logger.warn("Service URL is misconfigured", e);
+			throw new LdapException(e);
+		}

-			DefaultHttpClient httpClient = getHttpClient(checkCert);
+		logger.debug("ECPAuth Config: url {}, user {}, pass {}, host {}, port {}, protocol {}, cert {}", new Object[] {
+				serviceUrl, serviceUsername, servicePassword, serviceHost, servicePort, serviceProtocol, checkCert });

-			httpClient.getCredentialsProvider().setCredentials(new AuthScope(serviceHost, 443),
-					new UsernamePasswordCredentials(serviceUsername, servicePassword));
+		DefaultHttpClient httpClient = getHttpClient(serviceProtocol, checkCert);

-			HttpPost post;
-			try {
-				post = new HttpPost(serviceUrl + URLEncoder.encode(regId, "UTF-8"));
-			} catch (UnsupportedEncodingException e2) {
-				logger.warn("UnsupportedEncodingException", e2);
-				throw new LdapException(e2);
-			}
+		httpClient.getCredentialsProvider().setCredentials(new AuthScope(serviceHost, servicePort),
+				new UsernamePasswordCredentials(serviceUsername, servicePassword));

-			try {
-				List<NameValuePair> nvps = new ArrayList<NameValuePair>();
-				nvps.add(new BasicNameValuePair("password", password));
-				post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
-				logger.debug(post.getEntity().toString());
-				HttpResponse response = httpClient.execute(post);
-				if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
-					String responseString = EntityUtils.toString(response.getEntity());
-					logger.debug(responseString);
-					return new LdapPrincipal(getDirectoryService().getSchemaManager(), bindContext.getDn(),
-							AuthenticationLevel.SIMPLE);
-				} else if (response.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {
-					logger.info("User {} is not authorized by idp", regId);
-				} else {
-					logger.warn("Statuscode bad: {}", response.getStatusLine());
-					String responseString = EntityUtils.toString(response.getEntity());
-					logger.debug(responseString);
-				}
-			} catch (UnsupportedEncodingException e1) {
-				logger.warn("UnsupportedEncodingException", e1);
-			} catch (ClientProtocolException e1) {
-				logger.warn("ClientProtocolException", e1);
-			} catch (ParseException e1) {
-				logger.warn("ParseException", e1);
-			} catch (IOException e1) {
-				logger.warn("IOException", e1);
+		HttpPost post;
+		try {
+			post = new HttpPost(serviceUrl + URLEncoder.encode(regId, "UTF-8"));
+
+			List<NameValuePair> nvps = new ArrayList<NameValuePair>();
+			nvps.add(new BasicNameValuePair("password", password));
+			post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
+
+			logger.debug(post.getEntity().toString());
+
+			HttpResponse response = httpClient.execute(post);
+
+			if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
+				String responseString = EntityUtils.toString(response.getEntity());
+				logger.debug(responseString);
+				return new LdapPrincipal(getDirectoryService().getSchemaManager(), bindContext.getDn(),
+						AuthenticationLevel.SIMPLE);
+			} else if (response.getStatusLine().getStatusCode() == HttpStatus.SC_UNAUTHORIZED) {
+				logger.info("User {} is not authorized by idp", regId);
+			} else {
+				logger.warn("Statuscode bad: {}", response.getStatusLine());
+				String responseString = EntityUtils.toString(response.getEntity());
+				logger.debug(responseString);
 			}
-
-			String message = I18n.err(I18n.ERR_230, bindContext.getDn().getName());
-			logger.info(message);
-			throw new LdapAuthenticationException(message);
+		} catch (UnsupportedEncodingException e) {
+			logger.warn("UnsupportedEncodingException", e);
+		} catch (ClientProtocolException e) {
+			logger.warn("ClientProtocolException", e);
+		} catch (ParseException e) {
+			logger.warn("ParseException", e);
+		} catch (IOException e) {
+			logger.warn("IOException", e);
 		}
+
+		String message = I18n.err(I18n.ERR_230, bindContext.getDn().getName());
+		logger.info(message);
+		throw new LdapAuthenticationException(message);
+
 	}

-	private DefaultHttpClient getHttpClient(Boolean checkCert) {
-		if (!checkCert) {
+	private DefaultHttpClient getHttpClient(String serviceProtocol, Boolean checkCert) {
+		// TODO - remove in production
+		// HTTP support for testing
+		if (serviceProtocol.toLowerCase().equals("http")) {
+			return new DefaultHttpClient();
+		}
+		if (checkCert) {
 			return new DefaultHttpClient();
 		} else {
 			try {
@@ -206,6 +235,7 @@ public class EcpAuthenticator extends SimpleAuthenticator {
 		}
 	}

+	@SuppressWarnings("unused")
 	private byte[] lookupUserPassword(BindOperationContext bindContext) throws LdapException {
 		// ---- lookup the principal entry's userPassword attribute
 		Entry userEntry;

--- a/src/main/java/edu/kit/scc/ldap/LdapClient.java
+++ b/src/main/java/edu/kit/scc/ldap/LdapClient.java
+package edu.kit.scc.ldap;
+
+public class LdapClient {
+
+}
--- a/src/main/java/edu/kit/scc/oidc/OidcClient.java
+++ b/src/main/java/edu/kit/scc/oidc/OidcClient.java
+package edu.kit.scc.oidc;
+
+public class OidcClient {
+
+}
--- a/src/main/java/edu/kit/scc/saml/SamlClient.java
+++ b/src/main/java/edu/kit/scc/saml/SamlClient.java
+package edu.kit.scc.saml;
+
+public class SamlClient {
+
+}
--- a/src/main/java/edu/kit/scc/scim/ScimClient.java
+++ b/src/main/java/edu/kit/scc/scim/ScimClient.java
+package edu.kit.scc.scim;
+
+public class ScimClient {
+
+}